Noodles & Co Suffers Data Breach
No matter where it occurs, “suspicious activity” is almost never a good thing and it’s important to take it seriously. Whether it’s your own bank statement or a major company’s credit card payment system, acting quickly can minimize the damage and put you back in control.
When Colorado-based restaurant chain Noodles & Co. was alerted to “suspicious activity” by its credit card processing company last May, the result was a third-party investigation that uncovered malware on its network. According to their findings, customers who paid by credit card or debit card at any of its 400 affected locations in the first half of this year may have had their account information stolen.
There are some important things to understand about any kind of data breach like this one:
- Notification – Affected consumers will be notified of the possibility of a breach. Depending on whether or not there’s reason to believe the incident could impact their finances, companies may or may not be required to offer credit monitoring services to the customers. If you are sent a letter and told you’re eligible for credit monitoring, do not discard the letter! Follow through with the instructions in order to protect yourself.
- A change in how customers are notified – Until recently, victims of a data breach have been notified by mailed letters, but one state has already passed a bill that will let companies email the victims. While email has usually been considered less trustworthy than a mailed letter, it not only reduces the amount of time that passes between discovering the breach and alerting consumers, it’s a tremendous savings to a company who may have to inform millions of people about the breach.
- How did the malware get there? – Customers obviously can’t be expected to detect malware in a retailer’s POS system before paying, but this news still pertains to every citizen. In many instances, malware infects a retailer’s network after someone opens the door for a hacker. Several major retail data breaches have been traced back to an employee who accidentally downloaded the malicious software through a phishing attempt, by clicking a link in an email, or some other seemingly harmless behavior. This should serve as a reminder to be very careful of your own online behaviors.
- Monitoring yourself – Recent awareness of data breaches and changes to how we investigate suspicious activity has meant major improvements in reporting breaches and informing the victims. What used to take months or even years to uncover and report now takes days in some cases. But that doesn’t mean you should skip the legwork of protecting yourself. Monitoring your credit card statements, bank statements, online and mobile banking sites, and even your credit report will alert you to suspicious activity without having to wait for someone else to inform you. Stay on top of your accounts and watch over them yourself in order to stop any damage as soon as it starts.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.